diff options
-rw-r--r-- | iptables/nft.c | 10 | ||||
-rw-r--r-- | iptables/xtables-restore.c | 8 | ||||
-rw-r--r-- | iptables/xtables.c | 2 |
3 files changed, 16 insertions, 4 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index fee91bc7..76e45466 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -147,7 +147,8 @@ static void mnl_nftnl_batch_reset(void) list_for_each_entry_safe(batch_page, next, &batch_page_list, head) { list_del(&batch_page->head); - free(batch_page->batch); + free(mnl_nlmsg_batch_head(batch_page->batch)); + mnl_nlmsg_batch_stop(batch_page->batch); free(batch_page); batch_num_pages--; } @@ -2536,8 +2537,8 @@ static void xtables_config_perror(uint32_t flags, const char *fmt, ...) int nft_xtables_config_load(struct nft_handle *h, const char *filename, uint32_t flags) { - struct nftnl_table_list *table_list = nftnl_table_list_alloc(); - struct nftnl_chain_list *chain_list = nftnl_chain_list_alloc(); + struct nftnl_table_list *table_list = NULL; + struct nftnl_chain_list *chain_list = NULL; struct nftnl_table_list_iter *titer = NULL; struct nftnl_chain_list_iter *citer = NULL; struct nftnl_table *table; @@ -2548,6 +2549,9 @@ int nft_xtables_config_load(struct nft_handle *h, const char *filename, if (h->restore) return 0; + table_list = nftnl_table_list_alloc(); + chain_list = nftnl_chain_list_alloc(); + if (xtables_config_parse(filename, table_list, chain_list) < 0) { if (errno == ENOENT) { xtables_config_perror(flags, diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c index 7e243152..fc39ad9c 100644 --- a/iptables/xtables-restore.c +++ b/iptables/xtables-restore.c @@ -180,8 +180,10 @@ static void chain_delete(struct nftnl_chain_list *clist, const char *curtable, /* This chain has been found, delete from list. Later * on, unvisited chains will be purged out. */ - if (chain_obj != NULL) + if (chain_obj != NULL) { nftnl_chain_list_del(chain_obj); + nftnl_chain_free(chain_obj); + } } struct nft_xt_restore_cb restore_cb = { @@ -433,6 +435,9 @@ void xtables_restore_parse(struct nft_handle *h, xt_params->program_name, line + 1); exit(1); } + + if (chain_list) + nftnl_chain_list_free(chain_list); } static int @@ -525,6 +530,7 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[]) xtables_restore_parse(&h, &p, &restore_cb, argc, argv); + nft_fini(&h); fclose(p.in); return 0; } diff --git a/iptables/xtables.c b/iptables/xtables.c index 286866f7..ac113254 100644 --- a/iptables/xtables.c +++ b/iptables/xtables.c @@ -1281,6 +1281,8 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table, *table = p.table; xtables_rule_matches_free(&cs.matches); + if (cs.target) + free(cs.target->t); if (h->family == AF_INET) { free(args.s.addr.v4); |